Add docs for TLS Server Certificate rotation for K8S (#9636)

* Add docs for TLS Server Certificate rotation for K8s
4 years ago · 3da918089d
parent b5212fbcc6
commit 3da918089d
2 changed files with 29 additions and 1 deletions
--- a/website/content/docs/k8s/operations/certificate-rotation.mdx
+++ b/website/content/docs/k8s/operations/certificate-rotation.mdx
@ -0,0 +1,28 @@
 ---
 layout: docs
 page_title: Certificate Rotation
 sidebar_title: Certificate Rotation
 description: Rotate Certificate on Kubernetes Cluster safely
 ---
 # Rotating Server Certificates
 As of Consul Helm version `0.29.0`, if TLS is enabled, new TLS certificates for the Consul Server
 are issued every time the Helm chart is upgraded. These certificates are signed by the same CA and will
 continue to work as expected in the existing cluster.
 Consul servers read the certificates from Kubernetes secrets during start-up and keep them in memory. In order to ensure the
 servers use the newer certificate, the server pods need to be [restarted explicitly](/docs/k8s/operations/upgrade#upgrading-consul-servers) in
 a situation where `helm upgrade` does not restart the server pods.
 To explicitly perform server certificate rotation, follow these steps:
 1. Perform a `helm upgrade`:
   ```shell-session
   helm upgrade consul hashicorp/consul -f /path/to/my/values.yaml
   ```
   This should run the `tls-init` job that will generate new Server certificates.
 1. Restart the Server pods following the steps [here](/docs/k8s/operations/upgrade#upgrading-consul-servers).
--- a/website/data/docs-navigation.js
+++ b/website/data/docs-navigation.js
@ -193,7 +193,7 @@ export default [
      {
        category: 'operations',
        name: 'Operations',
-        content: ['uninstall', 'tls-on-existing-cluster'],
+        content: ['uninstall', 'certificate-rotation', 'tls-on-existing-cluster'],
      },
      {
        name: 'Troubleshoot',